Today’s kids are living in a new technological age. An age where they can get their favorite cartoon on demand, and have never had to wait until Saturday morning at 9 am EST to watch Inspector Gadget. They have never had to wait for a modem to dial up, listening to the beeps and whirs hoping to get connected. Games are instantly available at their fingertips, or on their parent’s phones. Before even being able to read, they can navigate a touch screen like a pro and give their grandparents a tutorial on SnapChat filters. With all this unfettered access also comes growing concerns about protecting the privacy of children’s data while online.
This is the exact intent of the Children’s Online Privacy Protection Act (COPPA) which prohibits apps aimed at children, or any third parties working with or advertising through such app developers, from collecting personal information on children 12 and under without verifiable parental consent. The Federal Trade Commission (FTC) released an updated guidance document to the Children’s Online Privacy Protection Act (COPPA) in June which explicitly calls out IoT devices and connected toys as being in scope of COPPA. The increased scope of the regulation could spell trouble for many businesses with potential fines of up to $40,654 per individual violation. Disney company, Playdom, had to pay out $3M in 2011 for such violations and was recently in the news as another suit is being filed against them for violations in one of their apps.
The updated guidelines also call out some additional methods for obtaining parental consent:
- knowledge-based questions
- verify a picture of a driver's license of other photo ID submitted by the parent and then comparing that photo to a second photo submitted by the parent, using facial recognition technology
This is in addition to the following methods that were already available:
- sign a consent form and send it back to the company via fax, mail, or electronic scan;
- use a credit card, debit card, or another online payment system that provides notification of each separate transaction to the account holder;
- call a toll-free number staffed by trained personnel;
- connect to trained personnel via a video conference;
- provide a copy of a form of government issued ID that you check against a database, as long as you delete the identification from your records when you finish the verification process
This issue is also getting attention in Europe where the General Data Protection Regulation (GDPR), which is set to go into effect in May of 2018, also includes provisions around the protection of children’s data and requirements for express parental consent. It sets a higher bar with consent being required for children 16 and under. Potential fines for transgressors could be over €10m or 2 percent of worldwide turnover, whichever is greater and is globally enforceable.
Obviously, most of the current methods for verifying parental consent and assuring COPPA compliance are very burdensome on the consumer and the business, so the addition of the new parental consent methods is welcome news. Rather than adding additional resources to man call centers (or fax machines), businesses can simply deploy a multifactor device-based authentication solution with built-in authorization capabilities.
LaunchKey has a unique authorization capability that allows a user or multiple users to remotely approve requests or transactions. There are a number of use cases where this capability can assist with COPPA compliance and satisfy parental consent requirements.
- Real-Time Authorization - LaunchKey can push authorization requests for designated activities. For example, an authorization request could be pushed to a parent when a child first downloads an application.
- Biometric Authentication - utilize the phone’s built in biometric capabilities to authenticate parents, satisfying parental consent requirements.
- Transaction Authorization - push real-time authorization requests to parents for any in-app or online purchases.
LaunchKey’s real-time multifactor authentication and frictionless authorization capabilities make it uniquely suited to help businesses navigate a complex regulatory environment without compromising the customer experience or in this instance the play experience.
Want to learn more about LaunchKey? Check out this short video.